The Bethesda, Md.-based SANS Internet Storm Center (ISC) noted on its Web site that the proof-of-concept code focuses on the following:

MS05-005, which fixes a buffer overrun in Microsoft Office XP software. According to the Common Vulnerabilities and Exposures Web site, an attacker could exploit the flaw to launch malicious code and take control of the affected system using "a link with a URL file location containing long inputs after (1) '%00' (null byte) in .doc filenames or (2) '%0a' (carriage return) in .rtf filenames."

MS05-009, which fixes a glitch in Media Player, Windows Messenger and MSN Messenger that an attacker could also use to take control of vulnerable machines.

Media Player doesn't properly handle .png files with excessive width or height. "An attacker could try to exploit the vulnerability by constructing a malicious .png that could potentially allow remote code execution if a user visited a malicious Web site or clicked a link in a malicious e-mail message," Microsoft said. Windows Messenger and MSN Messenger also improperly handle corrupt or malformed .png files.
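A defensive check for the class of flaw described above, as an added example that is not from the article, Microsoft or libpng: it reads the width and height a .png declares in its IHDR chunk and rejects excessive values before any buffer is sized from them. The `MAX_DIM` and `MAX_IMAGE_BYTES` limits and all function names are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_DIM 16384u                /* assumed policy limit per side */
#define MAX_IMAGE_BYTES (256u << 20)  /* assumed decode budget: 256 MiB */

enum png_check { PNG_OK, PNG_TRUNCATED, PNG_BAD_SIG, PNG_BAD_IHDR, PNG_BAD_FORMAT, PNG_TOO_LARGE };

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Channels per pixel for each PNG colour type; 0 marks an invalid type. */
static unsigned channels(uint8_t t) {
    switch (t) {
    case 0: case 3: return 1;   /* greyscale, palette index */
    case 2: return 3;           /* RGB */
    case 4: return 2;           /* greyscale + alpha */
    case 6: return 4;           /* RGBA */
    default: return 0;
    }
}

/* Validate signature and IHDR only; chunk CRC and per-colour-type depth rules are not checked. */
enum png_check png_check_header(const uint8_t *buf, size_t len) {
    static const uint8_t sig[8] = {0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A};
    if (len < 8 + 8 + 13) return PNG_TRUNCATED;
    if (memcmp(buf, sig, 8) != 0) return PNG_BAD_SIG;
    if (be32(buf + 8) != 13 || memcmp(buf + 12, "IHDR", 4) != 0) return PNG_BAD_IHDR;
    uint32_t w = be32(buf + 16), h = be32(buf + 20);
    uint8_t depth = buf[24];
    unsigned ch = channels(buf[25]);
    if (ch == 0 || w == 0 || h == 0) return PNG_BAD_FORMAT;
    if (depth != 1 && depth != 2 && depth != 4 && depth != 8 && depth != 16) return PNG_BAD_FORMAT;
    if (w > MAX_DIM || h > MAX_DIM) return PNG_TOO_LARGE;
    /* 64-bit arithmetic: bytes per scanline (plus filter byte) times rows. */
    uint64_t row = ((uint64_t)w * ch * depth + 7) / 8 + 1;
    if (row * h > MAX_IMAGE_BYTES) return PNG_TOO_LARGE;
    return PNG_OK;
}

int main(void) {
    /* Constructed sample: signature + IHDR claiming 0x7FFFFFFF x 1, 8-bit RGBA. */
    uint8_t hdr[29] = {0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A, 0, 0, 0, 13, 'I', 'H', 'D', 'R',
                       0x7F, 0xFF, 0xFF, 0xFF, 0, 0, 0, 1, 8, 6, 0, 0, 0};
    printf("result=%d\n", png_check_header(hdr, sizeof hdr));
    return 0;
}
```

The second size test matters because two in-range dimensions can still multiply into an allocation far larger than the decoder should accept.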

"Both of these are on the critical patch list, and we expect to see malware utilizing either of these attacks in the near future," the ISC said. "The portion of MS05-009 that relates to MSN Messenger, the… libpng vulnerability, is especially serious, as CORE Security has determined that this attack may be possible to execute in a completely undetected manner to the end user with little to no user interaction, depending on MSN client settings."

In both cases the exploit code isn't considered dangerous. But security experts said damaging attacks could quickly follow the proof-of-concept code, and urged users to patch their systems as soon as possible.

The 13th patch

Meanwhile, ISC pointed out that in Tuesday's ruckus, "many of us missed the fact that Microsoft quietly issued an update to the MS04-035 SMTP server DNS validation overflow issue from October, 2004. It appears that Exchange 2003 and the 'Exchange-Lite' SMTP Server bundled with Windows Server 2003 are also susceptible to this attack. Get'cher patch on."